webmail vulnerability

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#1
Without going into the details but having done a little forensic study on a third party machine, I suggest we all delete (or patch) any copy of html2text.php above our webroot.

dicko
 

rollinsolo

Joined
Feb 11, 2009
Messages
279
Likes
0
Points
0
#2
I tried to locate the file name and could not locate it. I guess Im ok there.
 

Kalama Sutra

Joined
Apr 15, 2009
Messages
95
Likes
0
Points
0
#3
hi dicko,

<<and for others>>

I found html2text.php in two locations:

/var/www/html/mail/program/lib/html2text.php

/var/www/html/mail/bin/html2text.php


Would you suggest the patch process, please.


<< currently, can I get away for the moment renaming BOTH files to / .... / ..../ "xxhtml2text.php" ? until patched ??? >>

Regards & Thanks from the community, ;)

Jim
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#4
To be honest, I don't really care for webmail, who uses it anyway, so my solution is to delete the whole kaboodle, I assume that roundcubemail have fixed it by now and we at Elastix are notoriously slow in maintaining "upstream" thirdparty apps. which is why the vulnerability remains so a quick grab of the latest roundcube is probably already patched, so if you need and use it, I suggest you replace the current /var/www/mail/ directory with the latest and greatest from the "perps" :)


dicko
 

rollinsolo

Joined
Feb 11, 2009
Messages
279
Likes
0
Points
0
#5
I agree most big businesses already have exchange or I push Google Apps because once again its free and google. I wish some of the features built in were optional modules that one could download and install as needed so there would be less vulnerabilities that we would have to keep track of.
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,886
Members
17,564
Latest member
Mai Tuyen
Top